SSO Login URL for Realms


Anburaj Palraj

May 28, 2024, 10:55:39 AM
to Keycloak User
Hi Friends,

I have created multiple realms on the Keycloak portal and now I want to provide an SSO login URL for users to access their applications instead of using their actual application portal URL.

Kindly help me to achieve this.

Alexander Schwartz

May 28, 2024, 11:05:15 AM
to Keycloak User
Hi Anburaj,

The intended use of Keycloak as an SSO is the following:

* Ask the users to open the URL of the application.
* The application then redirects to Keycloak as part of the OAuth Authentication Code flow.
* Once the authentication is completed, Keycloak redirects back to the application, providing the application with a code that it can then use to get a token.

See https://quarkus.io/guides/security-oidc-code-flow-authentication for a more detailed description and a diagram.

So you'll never direct a user to go to the Keycloak URL directly. 

Best,
Alexander


--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/8fe93047-9ffc-4074-ac0f-26b97773aa17n%40googlegroups.com.


--

Alexander Schwartz, RHCE

He/Him

Principal Software Engineer, Keycloak Maintainer

Red Hat - Germany remote

asch...@redhat.com   

Red Hat GmbH, Registered seat: Werner von Siemens Ring 12, D-85630 Grasbrunn, Germany 
Commercial register: Amtsgericht Muenchen/Munich, HRB 153243,
Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross
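
The three steps listed in the reply above, seen from the application's side, as an added example that is not part of the thread and not Keycloak's or Quarkus's own code. It assumes a public client using PKCE; the host, realm name, client id and redirect URI used with it are hypothetical, and `build_login_redirect` and `handle_callback` are illustrative helper names.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

def _endpoint(base_url, realm, name):
    # Keycloak's per-realm OpenID Connect endpoints live under /realms/{realm}/.
    return f"{base_url.rstrip('/')}/realms/{quote(realm, safe='')}/protocol/openid-connect/{name}"

def build_login_redirect(base_url, realm, client_id, redirect_uri):
    """Step 2: URL the application redirects the browser to, plus values to keep in the session."""
    state = secrets.token_urlsafe(24)      # binds the callback to this browser session
    verifier = secrets.token_urlsafe(48)   # PKCE code_verifier (64 characters)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    query = urlencode({
        "response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": "openid", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{_endpoint(base_url, realm, 'auth')}?{query}", {"state": state, "code_verifier": verifier}

def handle_callback(callback_url, session, base_url, realm, client_id, redirect_uri):
    """Step 3: validate Keycloak's redirect back and return the token request to send."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"login failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    form = {
        "grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri,
        "client_id": client_id, "code_verifier": session["code_verifier"],
    }
    return _endpoint(base_url, realm, "token"), form  # POST form to this URL over TLS
```

Because the realm is part of the endpoint path, each realm gets its own authorization and token URLs, and the application decides which realm to redirect to.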

Garth

May 28, 2024, 11:20:51 AM
to keyclo...@googlegroups.com
In general, you can just send them to a URL for your application/Client, which, assuming it is properly protected by Keycloak, will do the correct redirects to log in the user.

However, if you are interested in a "dashboard" like many IAM systems (Okta, Azure, etc.) have that shows you what applications the user has access to, I often use the Keycloak Account, Applications page. Your URL will look something like this:

https://{host}/{relative_path}/realms/{realm}/account/#/applications

Which satisfies the need of having a Keycloak URL that the user can be directed to, will challenge them to log in, and then display which applications/Clients they can access.

However, I'm not sure this 100% answers your question, as you mentioned multiple Realms rather than multiple Clients. Keycloak is only meant to do SSO within a single Realm for multiple applications/Clients.